---
layout: default
permalink: /content/
title: Content
---

# Presentations

[Reverse Engineering Malware 101] | WiCys Conference 2017, DEF CON 2017

.Net Hijacking to Defend Powershell [slides](https://securedorg.github.io/docs/Cansecwest2017_NETHijackingPowerShell.pdf) | BSides 2017, CanSecWest

Instegogram: Leveraging Instagram for C2 via Image Steganography [slides](https://securedorg.github.io/docs/InstegogramDefCon2016_H_A_Dredatcted.pdf) | DefCon (Crypto Village) 2016 | 

OSX Malware: Plists, Shell Scripts, and Objective-C, Oh-My! [slides](https://securedorg.github.io/docs/MIRcon_2014_RD_Track_Plists_Shell_Scripts_Object-C.pdf) | Mircon 2014

DLL Side-Loading: A Thorn in the Side of the Anti-Virus (AV) Industry [slides](https://securedorg.github.io/docs/hta-w04a-dll-side-loading-a-thorn-in-the-side-of-the-anti-virus-_av_-industry.pdf) | RSA Conference 2014

Vehicle Embedded System Imaging & Extraction, Examination and Exploitation | DoD Cyber Crime Conference 2012


# Whitepapers

* [Malware Dynamic Behavior Classification: SVM-HMM applied to Malware API Sequencing](https://securedorg.github.io/docs/MDBC_API_Sequencing.pdf) | Johns Hopkins University

* [Dll Side-Loading: A Thorn in the Side of  the Anti-Virus Industry](https://securedorg.github.io/docs/rpt-dll-sideloading.pdf)

# Work Blogs

* [Instegogram: Leveraging Instagram for C2 via Image Steganography](https://www.endgame.com/blog/instegogram-leveraging-instagram-c2-image-steganography) | Endgame

* [Your Package Has Been Successfully Encrypted: TeslaCrypt 4.1A and the Malware Attack Chain](https://www.endgame.com/blog/your-package-has-been-successfully-encrypted-teslacrypt-41a-and-malware-attack-chain) | Endgame

* [DOS AND DON’TS WITH DOCUMENT EMBEDDED OBJECTS](https://www.fireeye.com/blog/threat-research/2015/04/dos_and_don_ts_with.html) | FireEye

* [MACROS GALORE](https://www.fireeye.com/blog/threat-research/2015/10/macros_galore.html) | FireEye

* [A NOT-SO CIVIC DUTY: ASPROX BOTNET CAMPAIGN SPREADS COURT DATES AND MALWARE](https://www.fireeye.com/blog/threat-research/2014/06/a-not-so-civic-duty-asprox-botnet-campaign-spreads-court-dates-and-malware.html) | FireEye

* [TARGETED ATTACK TREND ALERT: PLUGX THE OLD DOG WITH A NEW TRICK](https://www.fireeye.com/blog/threat-research/2013/05/targeted-attack-trend-alert-plugx-the-old-dog-with-a-new-trick.html) | FireEye